May 16, 2018

No, E-mail Encryption is Not Dead

John and I watched the escalating reports of the death of e-mail encryption over the last several days with a growing sense of unease, as the facts were misstated and the conclusions seemed overblown. After an enormous amount of reading, John felt comfortable yesterday in putting out a blog post on this subject in his Your IT Consultant blog.

The Washington Post carried a balanced story yesterday morning noted that the security community had its own encryption debate after the discovery of the new encryption flaw known as Efail. In the end, I think it is reckless to tell people to stop using encrypted e-mail. The problem isn't with PGP or S/MIME but with the way e-mail clients have implemented it – and this can be fixed.

One of my blog readers was intrigued by the fact that I didn't jump on this news immediately. When stories like this break, and don't pass my personal 'smell' test, my inclination is to let the fire burn down a bit before coming to a rapid (and wrong) conclusion.

Sensei Enterprises, Inc.

3975 University Drive
Suite 225
Fairfax, VA 22030
703.359.0700

Disclaimer

This blog is intended to impart general information and does not offer specific legal advice. Use of this blog does not create an attorney-client relationship. If you require legal advice, consult an attorney.